Insights
Publications

hiQ’s Groundbreaking Injunction Against LinkedIn Reaffirmed: Scraping of Publicly Available Data Likely Does Not Violate CFAA

April 26, 2022

The U.S. Court of Appeals for the Ninth Circuit has affirmed its prior decision, holding that LinkedIn could not block hiQ, a scraping entity, from scraping public LinkedIn profiles. The court found it was unlikely that hiQ had violated the Computer Fraud and Abuse Act (CFAA), which is commonly understood to be an anti-hacking law. However, this opinion is only limited to publicly available information. Meaning, a scraping company could still be liable under the CFAA if it is scraping information from a website that requires authorization or access permission, such as password authentication. 

Additionally, the court noted that data aggregators could bring other, non-CFAA claims, against scraping entities even when those companies are scraping public information, such as breach of contract and copyright infringement claims. Thus, data scraping law is very nuanced and still in its early stages, making the guidance of counsel especially important before starting a data scraping business or cutting off access to data scrapers.

Farella Braun + Martel represented hiQ in obtaining the preliminary injunction and through its first appeal to the Ninth Circuit.

The Court’s Analysis

After the Ninth Circuit affirmed the preliminary injunction in 2019, LinkedIn filed a petition for writ of certiorari with the Supreme Court of the United States. The Supreme Court vacated the decision and remanded the case to the Ninth Circuit for further consideration in light of its decision in Van Buren v. United States, 141 S. Ct. 1648 (2021), a case concerning application of the Computer Fraud and Abuse Act (CFAA) in the criminal context. The Ninth Circuit once again affirmed the underlying hiQ Labs decision, largely mirroring its earlier analysis.

To obtain a preliminary injunction, a plaintiff must show that they are likely to succeed on the merits, likely to suffer irreparable harm in the absence of preliminary relief, the balance of equities tips in their favor, and an injunction is in the public interest. 

The Ninth Circuit found credible hiQ’s assertion that the survival of its business is threatened absent an injunction prohibiting LinkedIn from blocking hiQ from scraping publicly available information from LinkedIn’s website. Similarly, the balance of equities tipped “sharply” toward hiQ, given that LinkedIn’s interest in preventing data collection was outweighed by hiQ’s interest in continuing its business. Importantly, the court also determined that there was a strong public interest in preventing companies like LinkedIn from becoming “information monopolies” who could otherwise decide, on any basis, who can collect and use publicly available data.

The remainder of the Ninth Circuit’s decision explored how hiQ raised “serious questions” that supported its likelihood of success on the merits of its intentional interference with contract claim against LinkedIn. With respect to LinkedIn’s “legitimate business purpose” defense to this claim, the Ninth Circuit determined, inter alia, that hiQ’s interest in fulfilling its contracts with the customers of its data analytics products and services is stronger than LinkedIn’s comparatively weak “interest in protecting its members’ data and the investment made in developing its platform” and “enforcing its User Agreements’ prohibitions on automated scraping.”

The court also rejected LinkedIn’s further argument that blocking hiQ from scraping publicly available data was justified because such scraping violated the CFAA, 18 U.S.C. § 1030, which outlaws intentional access to a computer to obtain information “without authorization” from that protected computer (here, the LinkedIn servers would be the “protected computer”). Once again, the court agreed that hiQ had at least raised a “serious question” that its activities did not run afoul of the CFAA because LinkedIn’s information was accessible to the general public, and so data miners like hiQ were not accessing those servers “without authorization.”

The court explained that Congress created the CFAA with “hacking” and “breaking and entering” in mind, contemplating the existence of three kinds of computer system accessibility:

  1. access is open to the general public and permission is not required,
  2. authorization is required and has been given, and
  3. authorization is required but has not been given.

According to the Ninth Circuit, where information like a public LinkedIn profile is “available to anyone with an internet connection,” it falls under the first category, and thus the idea that anybody, including scraper entities, can access this information “without authorization” is “inapt.” The court added that Van Buren’s “gates-up-or-down inquiry”—“one either can or cannot access a computer system, and one either can or cannot access certain areas within the system”—is akin to categories (2) and (3). It held that Van Buren thus reinforces its conclusion “that the concept of ‘without authorization’ does not apply to public websites.”

Takeaways

Large data aggregators should not rely on the CFAA when bringing claims against scrapers of their publicly accessible data, or when defending against claims brought by those scrapers when the aggregators take measures to restrict access to the data. However, while the court closed one gate, it left several others open. In fact, it reminded readers that other causes of action including state law trespass to chattels, copyright infringement, misappropriation, unjust enrichment, conversion, breach of contract, or breach of privacy may still apply to such scraping activities. Indeed, plaintiffs in data scraping lawsuits routinely include such claims in their complaints. 

Firm Highlights

Publication

Section 230 Immunity Won’t Protect You: State and Federal Lawmakers Take Aim at Social Media Companies With Proposed Legislation Creating Affirmative Duties to Act to Prevent Harm to Users

Three new bills, one introduced in the California Assembly and two in the US Senate, are taking aim at online social media platforms. If adopted, these bills would significantly alter existing duties to prevent...

Read More
Publication

California’s Pay Transparency Act (SB 1162) – Are You Prepared?

This week the California legislature passed a pay transparency act that – pending Governor Newsom’s signature – will require significant changes in how employers draft job postings and how they report pay data to...

Read More
Publication

Caught in the Crossfire — How Will the War Exclusion Affect Commercial Policyholders?

The war exclusion has received a lot of attention over the past year, particularly since Russia invaded Ukraine in February. Policyholders’ concern that insurers will assert the exclusion as a basis to deny coverage...

Read More
News

Managing Intellectual Property's IP Stars 2022 Ranks Farella Braun + Martel Lawyers; Firm Recommended for Patent Litigation

Farella Braun + Martel’s Daniel Callaway , James L. Day , Jeffrey M. Fisher , Winston Liaw , Eugene Mar , and Stephanie P. Skaff were recognized by Managing Intellectual Property in the 2022...

Read More
Publication

New California Bill Requires Employers to Offer Bereavement Leave

AB 1949 , a bill passed by the California legislature and awaiting Governor Newsom’s signature, would require California employers to offer five days of bereavement leave to employees each time they lose a spouse...

Read More
News

As Feds Step Up White-Collar Enforcement, Companies Face Heightened Risks

Aviva Gilbert, Farella partner and co-chair of the firm's White Collar Criminal Defense and Internal Corporate Investigations Group, was quoted in the Corporate Counsel article "As Feds Step Up White-Collar Enforcement, Companies Face Heightened...

Read More
News

LinkedIn Loses Data Appeal

Erik Olson was quoted in the article "LinkedIn Loses Data Appeal" in CDR Magazine . In the article, Erik said: We are pleased to see that the Ninth Circuit has again affirmed, in light...

Read More
Publication

Platform Ecosystems – The Landscape of US and EU Legislation (Webinar)

Stephanie Skaff and Nate Garhart discuss "Platform Ecosystems – The Landscape of US and EU Legislation." Several new bills targeting online platform companies are making their way through state and federal legislative bodies in the...

Read More
Publication

Survey of Pay Disclosure Laws Across the Country

There has been a wave of new state and local legislation focused on pay transparency for job applicants. Right now, Colorado State and Jersey City are the only jurisdictions that require employers to provide...

Read More